Effective date: April 23, 2024. View the previous version here.
We take your privacy very seriously. This Privacy Policy describes the information and privacy practices of Upward Labs Holdings, Inc. (“Glow,” “we”, “us” or “our”) and how we handle personal information that we collect through our websites and mobile applications that link to this Privacy Policy (collectively, the “Service”), as well as through social media, our marketing activities and other activities described in this Privacy Policy. This Privacy Policy also describes your choices and rights with respect to your personal information.
We may provide additional, different or supplemental privacy notices for specific products, services, or other business activities that we offer or in which we are engaged. For example, if you enroll in a US study that we conduct, we may provide you with a privacy notice that governs how your personal information may be collected, used, and shared in connection with the study. You can also find our Health Data Privacy Policy here.
You can download a printable copy of this Privacy Policy here.
Index
- Personal information we collect
- How we use your personal information
- How we share your personal information
- Your choices
- Other sites and services
- Security
- International data transfer
- Children
- Changes to this Privacy Policy
- How to contact us
- California privacy rights notice
- Notice at Collection
- Notice of Right to Opt-Out of Sale/Sharing of and the “Do Not Sell or Share My Personal Information” Link
- Right to Opt-Out of Sale/Sharing of and the “Do Not Sell or Share My Personal Information” Link
- Notice to European users
- Cookie notice
Personal information we collect
Information you provide to us. The specific personal information we collect will depend on which Glow app you use and the features you choose to interact with. Not all of the features described in this Privacy Policy are available on every Glow app and certain categories of personal information described in this Privacy Policy are relevant to only certain Glow apps. Personal information you may provide to us through the Service or otherwise includes:
- Account data that you provide to create an account on the Service, including your name, email address, password, date of birth and mobile phone number.
- Profile data that you chose to add to your profile on the Service, such as your name, profile photo, location (e.g., city, state, country), ethnicity, gender, relationship status, interests, preferred language, occupation and insurance type.
- Health data that you choose to provide:
- directly through the Service, such as information about your physical attributes, sexual orientation, fertility, pregnancy, sexual activity, menstrual activity, sleep activity, mood, health conditions, medications, and number of children; and
- through your mobile health apps, such as Apple HealthKit, Samsung Health, Google Fit, MyFitnessApp, Oura Ring, which may include any information you chose to store in those apps, subject to your preferences for those apps.
- Data about others, such as
- the names and contact details of the spouses, partners or caregivers to whom you choose to grant access to information in your Glow app;
- information in the Glow app of anyone who has granted you access to it;
- the names and contact details of health care providers with whom you chose to share information in your account via emails generated through the Service;
- the email address of anyone you invite to use the Service through features in the Service, and the name of anyone who sent you such an invitation; and
- information that you chose to share about your children, which may include their name, date of birth, ethnicity, height, weight, other physical attributes, photos, feeding activity, sleep activity, developmental milestones, health and medications.
- Communications that we exchange with you, including when you contact us with questions or feedback, through social media, or otherwise.
- Payment and transactional data needed to complete your orders on or through the Service (including name, address, payment card information, billing information), and your transaction history.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
- User generated content that you upload, generate, transmit, or otherwise make available on the Service, such as profile pictures, photos, videos, images, music, videos, comments, questions, messages, your “likes”, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was created or collected, how that content has been formatted or edited, and the location associated with the creation of the content.
- Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as social media accounts that you use to log into or connect to the Service, which will allow us to collect the information you chose to make available in your settings on that social media account.
Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
Cookies. Some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Notice.
Data about others. Users of the Service may have the opportunity to refer friends or other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.
How we use your personal information
We use your personal information for the following purposes or as otherwise described at the time of collection:
Service delivery. We use your personal information to:
- provide, operate, and improve the Service and our business;
- establish and maintain your user profile on the Service;
- refer your contacts to join the Service;
- communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
- understand your needs and interests, personalize your experience with the Service and our communications; and
- provide support for the Service, and respond to your requests, questions and feedback.
Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Marketing and advertising. We, our service providers and our third party advertising partners may collect and use your personal information for the following marketing and advertising purposes:
- Direct marketing. We may send you Glow-related or other direct marketing communications as permitted by law.
- Interest-based advertising. We may engage third-party advertisers or advertising companies to display ads on our Service and other online services. These companies may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) over time across the Service, our communications and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share names, email addresses and device identifiers of our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Your choices section of our Cookie Notice.
- As discussed above, we also may use your information to better provide our services to you and to provide a more personalized service to you, as detailed below.
Promotional Offers. From time to time, we may alert you to offers being made by third parties, and if you choose to access those offers, we will forward such information as you authorize us to share to those third parties, and we may get compensated for doing so. In this instance, we are acting merely as a conduit transferring your contact information, due date and other specifically approved information to the relevant sponsor on your behalf and at your specific instruction.
Compliance and protection. We may use your personal information to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Retention. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.
How we share your personal information
We may share your personal information with the parties below, with other third parties with your consent, and as otherwise described in this Privacy Policy or at the time of collection.
Other users and the public. Your name, profile URL, and any location or profile photo that you choose to add to your profile are visible to other users of the Service and the public by default, but you can choose to make your profile private in your account settings. Unless you elect to hide them in your settings, your posts on the Service will be visible to other users of the Service and the public. This information may be seen, collected, used and shared by others, and we are not responsible for their collection, use or sharing of this information.
Third party apps. You may instruct us to share certain of your personal information with third party apps such as Samsung Health, Apple Healthkit, Google Fit, MyFitnessApp, and Oura Ring. These parties will use your personal information as described in their respective privacy policies, which are hyperlinked here: Samsung’s privacy policy, Apple’s privacy policy, Google’s privacy policy, MyFitnessApp’s privacy policy, and Oura’s privacy policy.
Affiliates. Glow, Inc., the Glow First Trust, and our affiliates, for purposes consistent with this Privacy Policy.
Service providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, and website analytics) to facilitate the provision of such services.
Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Stripe. Stripe may use your payment information as described in its privacy policy: https://stripe.com/privacy
Advertising partners. Third party advertisers and advertising companies for the interest-based advertising purposes described above. Advertisers whose ads are posted on our Service may be able to infer information about you when you click on those ads (e.g., that you have a newborn if you click on an ad about a newborn product).
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above. California has recently enacted AB 1242 which prohibits companies whose principal executive office are in California from providing records, information, facilities, or assistance in accordance with the terms of a warrant, court order, subpoena, wiretap order, pen register trap and trace order, or other legal process issued by, or pursuant to, the procedures of another state or a political subdivision thereof that relates to an investigation into, or enforcement of, a Prohibited Violation. A Prohibited Violation “Prohibited Violation” means any violation of law that creates liability for, or arising out of, either of the following: (i) Providing, facilitating, or obtaining an abortion that is lawful under California law; or (ii) Intending or attempting to provide, facilitate, or obtain an abortion that is lawful under California law.
Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Glow or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Your choices
You have the following choices with respect to your personal information.
Access or update your information. If you have registered for a Service account with us, you may review and update account information by logging into the account.
Delete your data. You may request to delete the personal information you have provided through the Service by emailing privacy@glowing.com. and we will complete the deletion within thirty days.
Delete your “Key Health Data” from our servers, but keep it on your personal device. You may opt into our “Offline Data Protection” feature. If you choose to do so, we will delete all “Key Health Data” (e.g., period data, health logs, etc.) from our servers, but leave it on your personal device. You will then be the only person with access to these health data and no one else. The definition of “Key Health Data” will vary depending on the App you are using, and we will define it as you opt into Offline Data Protection. You should be aware, however, that opting into this feature may cause certain features of our Apps to be limited. We will define the limited features at the time you opt into the Offline Data Protection Feature.
Delete your Glow account. You may request to delete your Glow account by emailing privacy@glowing.com.
Revoking your consent. If we have asked for your consent or affirmative authorization to collect, use or share your personal information, you can revoke it either in the relevant privacy settings in your Glow app or by emailing us at privacy@glowing.com. If, notwithstanding the choices available to you as described in this “your choices” section, you wish to revoke your authorization for Glow to handle your personal information as described in this Privacy Policy, you may do so by requesting that we delete your Glow account and the personal information that you have provided through the Service by emailing us at privacy@glowing.com. We will process such requests within a reasonably prompt timeframe after receipt and your revocation will become effective once processing is complete, until which time we will continue to handle your personal information as described in this Privacy Policy
Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. You may continue to receive service-related and other non-marketing emails.
Opt-out of personalized ads. You can opt-out of personalized ads on our apps and tracking for interest-based advertising purposes by using the disable personalized ads feature in your settings.
Cookies. For information about cookies employed by the Service and how to control them, see our Cookie Notice.
Mobile device permissions. You can use your mobile device’s privacy settings to disable our access to any data granted through them, such as your device’s precise geolocation, contacts and photos.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Third party platforms. If you choose to connect to the Service through your social media account, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.
Legal rights. You may have certain legal rights with respect to your personal information. See the California privacy rights notice or the Notice for European users for information about the rights available to individuals in those locations. If you would like to exercise other legal rights not described in this Privacy Policy, contact us at privacy@glowing.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
Other sites and services
The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.
Security
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
International data transfer
We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
Children
The Service is not intended for use by children younger than 16 years of age. If we learn that we have collected personal information through the Service from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
How to contact us
Upward Labs Holdings, Inc.
580 California St
Suite 1200
San Francisco, CA 94104
United States of America
privacy@glowing.com
California privacy rights notice
This section applies only to California residents. It describes how we collect, use, and share Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. In some cases we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.
The following California Notice at Collection (including the section on Privacy Rights following the chart below) and this Privacy Policy govern the personal information we collect from California residents (“you”) on any website or mobile application on which a link to this notice appears and any personal information we collect in connection with delivering services to you, whether online or offline. We have adopted this notice to comply with the CCPA. Please take the time to read and understand this California Notice at Collection. Please also read our entire Privacy Policy which includes important information regarding how we collect, use and share your personal information.
Notice At Collection
Like many companies, we use services that help deliver interest-based ads to you, as we have described above. Our use of some of these services may be classified under California law as “Sharing” of your Personal Information from which you have the right to opt-out as described below in our Notice of the Right to Opt-Out of the Sale/Sharing of Your Personal Information.
Personal information that we collect, use and disclose. The chart below summarizes the Personal Information we may collect by reference to the statutory categories of Personal Information specified in the CCPA, and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The categories of personal information, sources, purposes of collection/use/disclosure and third parties listed in the chart below are described in more detail above. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.
Statutory category PI we collect in this category | Source of PI | Business/commercial purpose for collection/use/disclosure | Categories of third parties to whom we “disclose” PI for a business purpose* | Categories of third parties to whom we “share” or “sell” PI |
Sensitive Personal Information Personal information that reveals: – A user’s account log-in – A user’s racial or ethnic origin, – The contents of a user’s mail, email, and text messages unless the Company is the intended recipient of the communication. – Medical InformationPregnancy Status – Profile data – Health data – Data about others – Personal information collected and analyzed concerning a user’s health. – Personal information collected and analyzed concerning a user’s sex life or sexual orientation. | – You – Third party sources | – Service delivery – Research & development – Compliance & protection | – Third party apps (with your consent) – Other users and the public (with your consent) | – None |
Identifiers – Account data – Profile data – Data about others – Device data | – You – Third party sources – People you authorize Automatic collection | – Service delivery – Research & development – Marketing & advertising – Compliance & protection | – Affiliates – Payment processors – Advertising partners – Business and marketing partners – Other users and the public | – Advertising partners to facilitate online advertising (device data only) |
California Customer Records (as defined in California Civil Code section 1798.80) – Account data – Profile data – Health data – Payment transactional data – User-generated content – Data about others | – You – People you authorize | – Service delivery – Research & development – Marketing & advertising – Compliance & protection | – Affiliates – Payment processors – Other users and the public (with your consent) | – None |
Commercial Information – Payment transactional data – Marketing data – Communications – Online activity data | – You | – Automatic collection – Service delivery – Marketing & advertising – Compliance & protection | – Affiliates – Payment processors – Advertising partners – Business and marketing partners | – Advertising partners (to facilitate online advertising) |
Financial Information – Payment transactional data | – You | – Service delivery – Compliance & protection | – Payment processors | – None |
Internet or Network Information – Marketing data – Device data – Online activity data | – Automatic collection | – Service delivery – Research & development – Marketing & advertising – Compliance & protection | – Affiliates – Payment processors – Advertising partners – Third party app | – Advertising partners (to facilitate online advertising) |
Geolocation Data – General location associated with IP address | – Automatic collection | – Service delivery – Research & development – Marketing & advertising – Compliance & protection | – Affiliates – Advertising partners – Business and marketing partners – Other users and the public | – Advertising partners (to facilitate online advertising) – Business and marketing partners (to facilitate online advertising and offers to users) |
Inferences May be derived from your: – Profile data – Payment & transactional data – Marketing data – User-generated content – Online activity data | N/A | – Service delivery – Research & development – Marketing & advertising | – Affiliates – Advertising partners | – Advertising partners (to facilitate online advertising) |
Protected Classification Characteristics – We do not intentionally collect this information but it may be revealed in identity data or other information we collect | N/A | N/A | N/A | None |
Audio Visual Information – Profile data – User-generated content (images, video or audio) | You | Service delivery | Affiliates | None |
Data Retention. As discussed above, we generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.
Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and are subject to limitations and exemptions. In certain cases we may decline your request as permitted by law.
Notice of Right to Requests to Delete, Requests to Correct, and Requests to Know
Right to Information, Access, Correction and Deletion.
- Information. You have the Right to Know what personal information we have collected about you, including the categories of information detailed below. You can request the following information about how we have collected and used your Personal Information on or after January 1, 2022:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting, selling or sharing Personal Information.
- The categories of Personal Information that we sold or disclosed for a business purpose.
- The categories of third parties with whom we share personal information.
- The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
- The specific pieces of personal information we have collected about you.
- Access. You have the right to request a copy of the Personal Information that we have collected about you.
- Correction. You have the right to ask us to Correct the Personal Information that we have collected from you if it is inaccurate.
- Deletion. You have the right to ask us to delete the Personal Information that we have collected. Note that we will comply with such a request regardless of whether you are located in California or elsewhere and we will complete the deletion within forty-five days.
You may submit requests to exercise your Right To Know, Right To Correct and Right To Deletion of information we have collected and maintained about you described above via email to privacy@glowing.com or at https://support.glowing.com/hc/en-us/requests/new?ticket_form_id=360002386093
Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the privacy laws of the state where you reside.
Notice of Right to Opt-Out of Sale/Sharing of and the “Do Not Sell or Share My Personal Information” Link
Right to opt-out of the Sale/Sharing of your Personal Information
.
- Opt-out of sales. You have the right to opt-out of the sale of your Personal Information. We do not sell your information (in the sense of providing information about you to a third party that they can then transfer on to others or use themselves outside of their relationship with us). However, it is your right to Opt-out should that change.
- Opt-out of sharing. You have the right to opt-out of the sharing of your Personal Information.
You may submit requests to exercise your opt-out of the Sale/Sharing of information we have collected and maintained about you via email to privacy@glowing.com or at https://support.glowing.com/hc/en-us/requests/new?ticket_form_id=360002386093. Alternatively, you can request to opt-out of this Sharing of your personal information here: Your Privacy Choices, where you will find instructions on opting-out of the use of your information for interest-based advertising.
While the Service is not directed to children under 16 years of age, we are required to inform you that we do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
Opt-Out Preference Signals
We will process any opt-out preference signal that meets the CCPA’s requirements as a valid request to opt-out of sale/sharing. We process opt-out preference signals in a frictionless manner as described in the regulations adopted pursuant to the CCPA. You may elect to use an opt-out preference signal for us to process in a frictionless manner through your device and / or browser’s settings. You may also choose to opt out through any of the other methods detailed in the previous paragraph.
Notice of Right to Limit the Use of My Sensitive Personal Information
Limit use of your Sensitive Personal Information. You have the right under the CCPA to request that we limit use and disclosure of sensitive personal information (as defined in the CCPA) to certain activities specified in California Civil Code Section 1798.121. You may exercise your Right To Limit processing of Sensitive Personal Information we have collected and maintained about you by submitting your request via email to privacy@glowing.com or at https://support.glowing.com/hc/en-us/requests/new?ticket_form_id=360002386093.
Deidentified data. We do not to attempt to reidentify deidentified information that we derive from personal information, except that we may do so to test whether our deidentification processes comply with applicable law.
Your California privacy rights under California’s Shine the Light law. Under California’s Shine the Light law (California Civil Code Section 1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes and the categories of personal information disclosed. You may send us requests for this information to privacy@glowing.com. In your request, you must include the statement “Shine the Light Request,” and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
Verifying Your Requests
We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. To verify your requests, we may require authentication that is reasonable in light of the nature of the personal information requested.
We do not require you to verify your identity to make a request to opt-out of sale/sharing or to make a request to limit where that can be accomplished without verification.
We will need to verify your identity to process your information, access, correction and deletion requests and reserve the right to confirm your California residency. Depending on the nature, type, and sensitivity of the personal information, we may require additional information from you to match the information we already have about you, authentication into your Glow account if you have one, government identification, or a declaration under penalty of perjury.
We will let you know if we need more information from you to verify your request. Please reply to our requests promptly. If we cannot verify your request, we will let you know.
Information for Authorized Agents
You can authorize an agent to exercise your California privacy rights on your behalf. To submit a request to us as Authorized Agent, please email us at privacy@glowing.com. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of proof that the consumer gave the agent signed permission to submit the request or proof that you have provided the authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130.
Notice to Users from States other than California.
As noted above, we generally apply the opt out and other provisions of this privacy policy to all users, regardless of whether they are residents of California or otherwise. Those provisions are intended to comply not only with the requirements of California law, but also with the requirements of recently enacted Connecticut, Colorado, Utah and Virginia law regardless of whether they are currently effective. We will interpret our promises above broadly so that opting out of the use of Sensitive Personal Information will also implement an opting out of profiling under Virginia law, and the term “sharing” will include “processing for targeted advertising” as used in Virginia law. In addition, we will respond to any requests to appeal our privacy decisions that comply with Virginia law in accordance with our obligations thereunder.
Notice to European users
The information provided in this “Notice to European users” section applies only to individuals in the European Economic Area (“EEA”), United Kingdom (“UK”) and Switzerland, which we refer to in this notice collectively as “Europe”.
Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
Controller. Glow is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation (including, the EU GDPR and the so-called ‘UK GDPR’ (as and where applicable, the “GDPR”)). See the ‘How to contact us’ section above for our contact details.
Data Protection Officer. We have appointed a “Data Protection Officer”, this is a person who is responsible for independently overseeing and advising us in relation to our compliance with the GDPR (including compliance with the practices described in this Privacy Policy). If you want to contact our Data Protection Officer directly, you can email: GlowDataProtectionOfficer@glowing.com.
Representatives. We have appointed the following representatives in the EEA/UK as required by the GDPR – you can also contact them directly should you wish:
Our representative in the EEA. Our EEA representative appointed under the EU GDPR is VeraSafe Ireland Ltd, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland.
You can contact them by using this form.
Our representative in the UK. Our UK representative appointed under the UK GDPR is VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom.
You can contact them by using this form.
Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.
Processing purpose Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”. | Legal basis |
To operate our services | Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request. |
For research and development For marketing and advertising For compliance and protection | These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). |
To comply with law | Processing is necessary to comply with our legal obligations. |
With your consent | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services. |
Further uses | The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the personal information was collected. Processing is based on your consent, if the relevant further use is not compatible with the initial purpose for which the personal information was collected. |
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Sensitive personal information. Where the collection of your sensitive personal information is required to operate the Service, we obtain your explicit consent to collect such information about you. Sensitive information includes information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership. You are free to make sensitive information public on the Community Forum (such as your political opinions and religious beliefs) but remember that this information is visible to other users.
Automated Decision-Making and Profiling. We are not making automated decisions about you. We may use profiling in regard to your personal information required to operate some of our services, for example, to the extent needed to predict health-related effects that you may experience from one month to the other. You can object to such profiling by contacting us at support@glowing.com.
Your rights. European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be described to you, if applicable, at the time of your request.
- Portability. Port a machine-readable copy of your personal information to you or a third party of your choice, in certain circumstances. Note that this right only applies to automated information for which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Restrict. Restrict the processing of your personal information, if, (i) you want us to establish the personal information’s accuracy; (ii) where our use of the personal information is unlawful but you do not want us to erase it; (iii) where you need us to hold the personal information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to use it.
- Object. Object to our processing of your personal information where we are relying on legitimate interests (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedom – you also have the right to object where we are processing your personal information for direct marketing purposes.
- Withdraw Consent. When we use your personal information based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
Exercising These Rights. You may submit these requests by email to privacy@glowing.com or at https://support.glowing.com/hc/en-us/requests/new?ticket_form_id=360002386093. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
Your Right to Lodge a Complaint with your Supervisory Authority. In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.
- For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
- For users in the UK – the contact information for the UK data protection regulator is below:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/
Cross-border data transfer. After collecting personal information directly from you, we further transfer your personal information to some recipients which may be located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection under EEA/UK data protection laws (as applicable) and the transfer is therefore permitted under Article 45 of the GDPR.
Some recipients of your personal data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Countries”). For example, the United States is a Restricted Country. Where we transfer your personal information to a recipient in a Restricted Country, we will either:
- enter into appropriate data transfer agreements based on so-called Standard Contractual Clauses approved from time-to-time under GDPR Art. 46 by the European Commission, the UK Information Commissioner’s Office or UK Government (as and where applicable); or
- rely on other appropriate means permitted by the EU GDPR/UK GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal information against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
You may ask for a copy of such appropriate data transfer agreements by contacting us using the contact details above.